All’s well that ends well: this is what every Windows user should be saying now that Microsoft has announced a fix for the 19-year-old bug with an emergency patch. The bug, which existed in almost every version of Windows since Windows 95, was discovered by IBM Corporation’s cyber security research team in May 2014.
As described by the IBM security researcher, the bug would have allowed attackers to run code remotely on the victim’s machine, especially when the user visits a malicious website.
IBM Researcher Robert Freeman said, “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine.”
Robert further described the vulnerability as “rare, ‘unicorn-like’ bug found in the code that IE relies on but doesn’t necessarily belong to.”
To make matters worse, the same bug has also been found in Microsoft’s Windows Server platforms, putting the security of websites handling encrypted data at risk. This bug is specifically related to Microsoft Secure Channel, also known as SChannel.
To gauge the severity of this security flaw, researchers compared it with other significant flaws that came to light this year, such as the Heartbleed bug and Shellshock. After comparing these threats, researchers concluded that its impact can definitely be significant, but that it might be more difficult for attackers to exploit. This might be the reason why no evidence of anyone actually exploiting the bug has come to light.
In the meantime, the patch released by Microsoft for the 19-year-old bug only applies to Windows Vista and later versions. Users still running Windows XP, for which support from Microsoft ended in April, might have to deal with the security flaw that is even older.